diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb index 746d3cda5..d47dc44d2 100644 --- a/app/controllers/concerns/authentication.rb +++ b/app/controllers/concerns/authentication.rb @@ -2,6 +2,7 @@ module Authentication extend ActiveSupport::Concern included do + before_action :set_current_account before_action :require_authentication helper_method :authenticated? end @@ -16,6 +17,11 @@ module Authentication skip_before_action :require_authentication, **options before_action :resume_session, **options end + + def require_untenanted_access(**options) + skip_before_action :require_authentication, **options + before_action :redirect_tenanted_request, **options + end end private @@ -40,6 +46,10 @@ module Authentication def request_authentication session[:return_to_after_authenticating] = request.url + + # # When we're ready to flip the switch to Launchpad authentication, uncomment this line: + # redirect_to Launchpad.login_url(account: Current.account), allow_other_host: true + redirect_to new_session_path end @@ -51,6 +61,9 @@ module Authentication redirect_to root_url if authenticated? end + def redirect_tenanted_request + redirect_to root_url if ApplicationRecord.current_tenant + end def start_new_session_for(user) user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session| @@ -64,6 +77,10 @@ module Authentication cookies.signed.permanent[:session_token] = { value: session.signed_id, httponly: true, same_site: :lax } end + def set_current_account + Current.account = Account.first + end + def terminate_session Current.session.destroy cookies.delete(:session_token) diff --git a/app/controllers/sessions/launchpad_controller.rb b/app/controllers/sessions/launchpad_controller.rb new file mode 100644 index 000000000..9409f2c85 --- /dev/null +++ b/app/controllers/sessions/launchpad_controller.rb @@ -0,0 +1,12 @@ +class Sessions::LaunchpadController < ApplicationController + require_unauthenticated_access + + def show + if user = Current.account.signal_account.authenticate(sig: params[:sig]).try(:peer) + start_new_session_for user + redirect_to after_authentication_url + else + render plain: "Authentication failed. This is probably a bug.", status: :unauthorized + end + end +end diff --git a/app/models/current.rb b/app/models/current.rb index f67ef117d..5a85b2e16 100644 --- a/app/models/current.rb +++ b/app/models/current.rb @@ -1,6 +1,7 @@ class Current < ActiveSupport::CurrentAttributes attribute :session attribute :http_method, :request_id, :user_agent, :ip_address, :referrer + attribute :account delegate :user, to: :session, allow_nil: true end diff --git a/app/models/launchpad.rb b/app/models/launchpad.rb new file mode 100644 index 000000000..8b437c809 --- /dev/null +++ b/app/models/launchpad.rb @@ -0,0 +1,16 @@ +# lifted from bc3 app/models/launchpad.rb +module Launchpad + extend self + + delegate :url, to: "SignalId.launchpad" + + def login_url(product: false, account: nil, **params) + url product_account_path("/signin", product: product, account: account), params + end + + def product_account_path(path = nil, product: false, account: nil) + product_path = "/fizzy" if product || account + account_path = "/#{account.signal_account.id}" if account + [ product_path, account_path, path ].compact.join + end +end diff --git a/config/routes.rb b/config/routes.rb index db0cf3cd6..7cf104da4 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -85,6 +85,7 @@ Rails.application.routes.draw do scope module: "sessions" do resources :transfers, only: %i[ show update ] end + get "launchpad", to: "sessions/launchpad#show" end resources :users do